Job Title: Information Security Manager
Company: Infosys
Location: Pune, Maharashtra
Created: 2025-12-08
Job Type: Full Time
Job Description:
Responsibilities:
- Perform compliance testing and facilitate remediation for implementation of the Infosys Information Security and Compliance Unified Reporting Framework for Engagements (I-Secure) for the dedicated engagement by working with all relevant stakeholders
- Document and ensure management of information security risks arising out of periodic security due diligence reviews
- Drive process improvements for the engagement in the area of information security
- Provide SME support in handling client-reported security incidents, and ensure timely closure of the raised incidents and submission of Root Cause Analysis (RCA) by working with various internal stakeholders such as the security incident management team (SIMT) within ISG
- Communicate information security incidents to the client within the stipulated time frame as per the contract, and track closure of all reported security incidents
- Get required internal and client approvals for Business as Usual (BAU) security activities such as vulnerability scans, installation/extensions, change requests, admin rights, additional software requirements, floor visits, and all security exceptions
- Independently drive periodic meetings with the client security team by collating required details for defined parameters
- Manage ISG-driven internal spot checks
- Facilitate implementation of all the information security contractual requirements within the engagement
- Make security presentations and give required assurance to the client during audits and visits at different locations
- Facilitate closure of information security audit findings received during client-conducted audits and spot checks
- Report to internal ISG and delivery management about any cyber security issues and keep them periodically informed about the engagement’s compliance posture
- Facilitate implementation of various standard, regulatory and compliance requirements such as ISO 27001, SSAE 18, PCI DSS, HIPAA etc. as applicable to the engagement
- Support responding to information security related requests for information/proposals (RFI/RFPs), and review master services agreements and any renewals or amendments for the engagement
- Analyze data generated during ongoing information processing activities to generate information security metrics that indicate the level of risk to the engagement
- Conduct periodic information security awareness sessions for the engagement

Skills and knowledge expectations:
- The candidate shall have at least 6-7 years’ experience in Information Security Governance, risk and compliance management with strong data and network security concepts. The candidate shall have vast experience in the areas of Risk Management, Governance, Compliance, Security policy and Metrics.
- The candidate should possess excellent technical, analytical, troubleshooting and problem-solving skills. The candidate is expected to work as an individual contributor and shall have excellent communication and collaboration skills.
- The candidate shall possess a thorough understanding of, and have experience in implementation of, ISO 27001:2013, SSAE 18 SOC 1 & SOC 2, PCI DSS, HIPAA & other industry recommended standards and regulations.
- The candidate shall have strong technical understanding of Information Security